Each Nexmo account can have up to two API secrets at any time. This allows you to create a second API secret, test your application and deploy the new configuration to production without interrupting your customer's service. Once that's done, you can revoke the existing API secret until you need to rotate your credentials again.

2a. Note that the Nexmo Secret Management API requires authentication to be done using an API key and secret sent Base64-encoded in the Authorization header. For example, if your API key is 'abcd123' and secret '12345qwerty' you would concatenate the key and secret with a : (colon) symbol and then encode them using Base64 encoding. There are many ways to generate Base64 strings, here is a website to help you encode your api key and secret.

2b. Your postman collection should now look something like this:

3. Send the API request. The API will return all secrets, along with secret_id and created_at time. The value of the secret will never be shown. Make a note of the ID that is relatively more aged (see the "created_at" value) Note, if you only have 1 API secret configured, go directly to step 5

4. Now we need to revoke the API secret that you just made a note of. Keeping the same headers, create a new request (tab), change your HTTP request to DELETE and append the URL with the secret ID

7c. Send the API request. The API response will contain a new secret ID.

8. Now we can validate the API secret has been created successfully. Login to the Nexmo Dashboard and navigate to settings. Ensure that the secret you created is detailed in either "API secret 1" or ""2

8b. If necessary, revoke a given API secret by following steps 3 to 4

Remember to update your application/environment accordingly with the new API secret

cURL

1. Create a GET request as follows.

1a. Note that the Nexmo Secret Management API requires authentication to be done using an API key and secret sent Base64-encoded in the Authorization header. For example, if your API key is 'abcd123' and secret '12345qwerty' you would concatenate the key and secret with a : (colon) symbol and then encode them using Base64 encoding. There are many ways to generate Base64 strings, here is a website to help you encode your api key and secret.

2. Send the API request. The API will return all secrets, along with their id and created_at time. The value of the secret will never be shown. Make a note of the ID that is relatively more aged (see the "created_at" value). If you only have 1 API secret configured, go to step 4.

3.Now we need to revoke the API secret that you just made a note of. Keeping the same headers, create a DELETE request and append the URL with the api secret ID you would like to revoke.

5. Now we can validate the API secret has been created successfully. Login to the Nexmo Dashboard and navigate to settings. Ensure that the secret you created is detailed in either "API secret 1" or ""2

5c. If necessary, revoke a given API secret by following steps 3 to 4

Remember to update your application/environment accordingly with the new API secret